Earlier this year I had to deploy an "emergency" fix to production for (luckily) an internal-facing, but customer-impacting, web application.

It was only the login page they were changing. I backed up the original, copied the new file into place, and marked my task complete.

Then I went and read the details on the incident. Someone discovered that if you supply ANY valid username and leave the password blank, you're in! Put the wrong password and you're blocked, of course. But blank? You must be legit!

Curious, I looked at the timestamp on the original file I had backed up to see how long it had been like this.

4 years.

Comments
  • 1
    Oooooh, so many glitches I have found in our internal website. After mentioning a few to my boss and receiving a few "It's working, don't bother"-like answers, I simply glance over them, thanking the beings above for not being called responsible for the impending catastrophe.
  • 2
    Recently had a contract to support more image formats on an application. I work on an open-source image format library. I remove all the bespoke code to open one image format, spend days compiling image libraries on all the platforms we support.
    Start testing on all the platforms, get to Windows, it doesn't work. Pull my hair out for days.
    Fire up the old app, it doesn't work either, iterate back through older versions, none work.
    Realise the most used platform never worked, re-write the whole thing. Works!
    Get fired for taking too long to implement an extension to an existing feature. Point out existing feature never existed.